Dutch hackers have exploited a WebKit bug in mobile web browser Safari to rinse an iPhone 4S of its photos, address book contacts and its browser history. The flaw exists in Apple's iOS 5.1.1 and the latest developer preview of iOS 6, the first public build of which was released last night to fanbois.
It should thus affect …

COMMENTS

There is no vulnerability

Re: There is no vulnerability

Actually, following your logic, holding it wrong would actually close the vulnerability on an iPhone 4 (in a sledgehammer/walnut style). Of course, that issue was fixed on the 4S and 5, so these would remain vulnerable...

Re: Eh?

Today somebody hacks the browser and cannot get to the email (but could get to the photos). Maybe tomorrow somebody else hacks the email and cannot get to your bookmarks (but probably still can get your photos). The warning is in general, not as a defense against the specific hack.

Whether the warning is one you should heed, would depend on a proper risk-analysis. "Oh my God, there's an exploit, abandon all hope!" is nearly as silly as "My phone is my castle."

Re: AC trash talk

Re: AC trash talk

If you're referring to the deleted comment, it was removed for the anonymous abuse. Let's stick to technical discussions.

One thing we forgot to add is that the S III is set to get Android 4.1 Jelly Bean, which has had a lot of NFC fixes and is not the 4.0.4 compromised by the team . Anyway, both hacks are significant in terms of security and skill, and a second story is in the works.

Re: email

Re: email

But email addresses reside in the contacts list which was available to the exploit, if I read TFA correctly. Just the addresses of the people that CEOs communicate with in the course of business could facilitate a spear phishing attack, no?

The advice is good, if a bit elliptical: keep your confidential work communications safely on a confidential work communications network.

Re: IOS, bleegh but morre serious

More about the Galaxy S3 exploit

"MWR showed an exploit against a previously undiscovered vulnerability on a Samsung Galaxy S3 phone running Android 4.0.4. Through NFC it was possible to upload a malicious file to the device, which allowed us to gain code execution on the device and subsequently get full control over the device using a second vulnerability for privilege escalation."

At least Apple was wise enough to leave NFC out of the iPhone 5...

Seriously, paying with NFC when the hardware you rub your phone against can just take it over then seems to be a very bad idea.

What ignorant nonsense

Not just iOS and Andorid use webkit

Webkit is a very widely used web engine, and turns up in all sorts of places. Of course, they'd all need their own exploit writing for them independently, since this involves constructing executable code which talks to the OS, assuming the exploit is in all versions of it.

Mind you, I'm yet to be convinced that anything more complex than a microwave oven connected to the internet can't be exploited if someone has a reason to spend the time to hack you.